Pentaho 10.2: Resolving SSL Truststore Issues

This section outlines how to resolve SSL Truststore Issues for Java SDK with FlexNet License Services (Pentaho 10.2).

The Java SDK cannot establish a trusted SSL connection to the FlexNet License Services because it does not recognize the SSL certificate authority (CA) of the remote server. Follow the steps below to resolve this issue.

Note: This is a Java SDK truststore problem, not an issue with the FlexNet or Pentaho tools directly.

Export the Zscaler Root Certificate

Follow these steps to get the Zscaler root or intermediate CA certificate (the one that re-signs Flexera's SSL certificate):

Note: The steps may vary depending on the operating system (OS) and web browser.
  1. Open the following link in your browser (Chrome or Firefox):

    https://pentaho.compliance.flexnetoperations.com/deviceservices

  2. Click the Lock icon, then select Certificate (or Connection is secure).
  3. Click Details. You may need to click Certificate is valid then go to the Details tab.
  4. Click Copy to File or Export and save the file as pentaho_compliance.crt.

Import the Certificate

  1. Depending on your OS environment, do the following:
    • On Windows: Open the command prompt and run the command:

      keytool -import -alias pentaho_compliance_cert -keystore "%JAVA_HOME%\lib\security\cacerts" -file <path>/<to>/pentaho_compliance.crt

    • On Linux: Open the terminal and run the command:

      sudo keytool -import -trustcacerts -alias pentaho_compliance_cert \
        -file /<path>/<to>/pentaho_compliance.crt \
        -keystore /<path>/<to>/pentaho/jre/lib/security/cacerts

  2. When prompted, enter the default password for the keystore (changeit) and answer yes when asked whether to trust the certificate.
  3. Activate the license via the URL or run the flexnetlsadmin.bat command.
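
Anything imported into cacerts becomes a trust anchor for every TLS connection that JRE makes, so it is worth confirming that the exported file really is your organization's Zscaler CA before the import step above. The script below is an added example, not part of the Pentaho documentation: it compares the certificate's SHA-256 fingerprint with a value you supply, imports only on a match, and then lists the new entry. The function names are hypothetical, and the expected fingerprint is assumed to come out of band from the team that operates Zscaler.

```shell
#!/bin/sh
# Added example: verify the exported CA certificate before trusting it.
# Arguments (assumptions): certificate file, expected SHA-256 fingerprint
# obtained out of band, and the path to the cacerts keystore.

# Reduce a fingerprint to bare uppercase hex so "ab:cd" and "ABCD" compare equal.
normalize_fp() {
  printf '%s' "$1" | tr -d ': \t\r\n' | tr 'a-f' 'A-F'
}

# Read `keytool -printcert` output on stdin and print the SHA-256 fingerprint.
extract_sha256() {
  sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# Succeed only when both fingerprints are non-empty and identical.
fp_matches() {
  a=$(normalize_fp "$1")
  b=$(normalize_fp "$2")
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# Import the certificate only if its fingerprint matches, then show the entry.
import_verified() {
  cert=$1; expected=$2; keystore=$3
  actual=$(keytool -printcert -file "$cert" | extract_sha256)
  if ! fp_matches "$expected" "$actual"; then
    echo "fingerprint mismatch for $cert: got '$actual'; not importing" >&2
    return 1
  fi
  keytool -import -trustcacerts -alias pentaho_compliance_cert \
    -file "$cert" -keystore "$keystore" || return 1
  # Confirm the alias is now present in the truststore.
  keytool -list -alias pentaho_compliance_cert -keystore "$keystore"
}

# Run only when called with all three arguments.
if [ "$#" -eq 3 ]; then
  import_verified "$1" "$2" "$3"
fi
```

On Linux, run it with the same privileges the import command needs (for example via sudo) so keytool can write to the keystore.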